Ubuntu Hardy chrooted bind9 fails to start

Preparing to move my server to LTS Ubuntu Hardy, just testing using VMware.
I've found a weird issue while chrooting bind (following The Perfect Server Setup).
So I guess this will pop up sooner or later anyway...

Woohoo cool that was it, after purging this package it worked, obviously this is not the way to do this, but now I know for certain... apparmor is something new on ubuntu, wasn't aware of it... I'll take a look in the Suse community for a decent manual

I wonder why they would ship a policy that does not work. Am not sure if it will work in the chroot, as most MAC systems use the real file path. Test if you can and let us know.


Well the policy did work until I moved & chrooted it... so IMHO that makes sense .. because that's part of what apparmor is supposed to do ( my rudimentary understanding of creating a hat )
I used a symbolic link for all libraries that have paths hard-coded (if I understand you correctly). Bind seems to behave properly, so until now all is well.

I still don't know if there's a point in using chrooting & apparmor at the same time, as it might as well weaken security instead of additional hardening...

If someone knows of a deprecated package with known weaknesses I might be able to test those in this kind of environment ( why aren't there 48h days ).

But before that I have to solve another issue with compiling the ISPconfig package, as it's complaining about wrong syntaxes in an empty httpd.conf ...

Thanks for the help on apparmor. I have noticed that bind will still not access the random device and apparmor seems to go out of the chroot jail and take the old one so I have just added two lines at the end to

Do you mind telling why that is (aside from the troubles with installing ISPconfig)?

Shouldn't that line then read as > It's strongly recommended to disable AppArmor when installing ISPconfig....

Currently I have no troubles whatsoever keeping it installed...

I do have some thoughts on the combination chroot / apparmor, as it might well be that instead of adding security, security might actually get weaker. A simple "it's recommended" definitely won't do for an answer....

I still can't get bind9 to start...I've tried the suggestions in this post as well as several others I've found and I'm still getting a permission denied error...

the biggest problem is that I've been using linux for about a week now, so I still know enough to barely fill a thimble-full

the other thing I noticed is that even though I followed falko's instructions on disabling apparmor, it restarts every time I reboot the machine...but I don't think the bind9 error has anything to do with apparmor considering the error is the same whether apparmor is running or not

I know...I probably sound like an idiot...but I'm a confused idiot and would love a little help here

...
the other thing I noticed is that even though I followed falko's instructions on disabling apparmor, it restarts every time I reboot the machine...but I don't think the bind9 error has anything to do with apparmor considering the error is the same whether apparmor is running or not
...


k.
well I suggest continuing learning linux coz it's a wonderful thing...
...
now, your problem at hand...
the chances of getting proper help on the forums grow as you provide good info..
so before anything else > what Linux flavour are you using ( they all differ a little > places of configs / commands etc... )
are you familiar with file permissions ( does 777 / 644 ring a bell ? )
owner permissions ? ( not all users can run all services )...
I've got to go for a couple of hours, but will be back in 2-3 from now on